1. Field of the Invention
This invention relates to networks, and more specifically to authorizing access to user information in a network or system.
2. Background Information
Devices and entities on networks generally communicate among each other regularly, sending instructions and/or data. Before a first network device would send information to a second network device about a user's status, the first network device must make sure that the second network device is an authorized device to receive information about the user's status. In some networks, users must register with a network entity, therefore, this network entity is sent information about the user and its current registration with the network. Network devices desiring to receive information about users' registration state information may then access the network entity containing the information to determine that the user is actually registered or not. Further, the network entity performs an authorization process after a successful authentication process whereby a network device requesting the information of certain user(s) is verified to determine that the requesting network device is authorized to receive the information of the user(s). If the first network device is not authorized, then the network entity may not send the user's registration state information to the first network device. If the first network device is authorized to receive information of the user's registration state information, the network entity may then forward this information to the first network device.
One example of this is in Third Generation Partnership Project International Mobile Subscriber Internet Protocol Multimedia Subdomain (3GPP IMS) release 5 networks that use the Session Initiation Protocol (SIP) registration state event package to inform network devices about the state of the registration of the subscribers to the event package. 3GPP IMS Release 5 uses the SIP registration state event package to inform about the state of the registration to the subscribers of the event package. All SIP event packages, including the registration state event package, require authentication and authorization of the SIP SUBSCRIBE requests before accepting them by the notifier (receiver of the request). In 3GPP IMS Release 5, authentication is solved during registration, the Proxy Call State Control Function (P-CSCF) always inserts a trustable identity of the user to all subsequent SIP requests.
However, current Rel-5 networks/systems do not provide any authorization solution for the registration state event package. Rel-5 specifications restrict the list of authorized subscribers to be the user whose registration state is in question and the P-CSCF, which all SIP communication of the particular user is transferring through. The actual solution of how the Serving Call State Control Function (S-CSCF) (notifier of the event package) decides, whether the source of the SIP SUBSCRIBE request is authorized, is left undefined. Without authorization, any user can subscribe to somebody else's registration state and receive the status of all the public user identities of that particular user, or an address of record, public address, etc. of the user.